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Version Marked to Show Changes 

The specification has been amended as follows: 
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BACKGROUND OF THE INVENTION 

Field of the Invention 

The present invention is directed to a method for operating a data processing system with 
copy protection for user programs. 
Description of the Related Art 

The production of user programs requires considerable development time and specific know 
how; it is therefore relatively involved. User programs are often loaded onto storage media, for 



O example on CDROMs, and supplied to the user in this condition. Such storage media are relatively 

inexpensive and are unrelated to the economic outlay that is incurred in the production of the user 
program. It is not only relatively easy to make legal backup copies of such storage media with 
traditional data processing systems, but bit pirated copies of these user programs can also be easily 
produced and handed over to further users for a certain price or distributed in some other way. The 
producer of the user programs thus suffers considerable damage. 

Numerous copy protection methods have been developed in order to put an aad end to this 
practice. In a widespread copy protection method, a dongle is employed that is plugged onto a 
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parallel interface, onto a serial interface or of a USB bus of a data processing system. This dongle 
is supplied to the user together with the user program. The dongle as well as the user program 
contain the same copy protection identification in the form of alphanumerical characters. The 
presence present of the dongle and, thus, of the copy protection information, is queried either at the 
program start or continuously during the program operation. When an attempt is made to operate 
the user program without the dongle, then the program it is aborted. 

When there are a great number of users who require different user programs, then a dongle 
is to be provided for each user. One storage medium per user must then be provided, the user 
programs intended for this user being contained thereon and then containing the same copy 
protection identification as the respective dongle. When a user orders following user programs, then 
the following steps are respectively required: producing a storage medium for this user; storing the 
user programs requested by the user; and providing the user programs with the copy protection 
identification of the dongle. Such a procedure is involved both for the user as well as for the 
producer of such user programs. US Patent No. -A- 5,386,369 discloses a method based on dongles. 

SUMMARY OF THE INVENTION 

An object of the present invention is to provide offer a method for operating a data 
processing system with copy protection for user programs that assures a dependable copy protection, 
works simply and can be realized with little outlay for producer and user. 

According to the invention, a method for operating a data processing system with copy 
protection for user programs is provided offered , 

whereby a plurality of application [sic] programs as well as an installation program and a 
cryptoprogram are on hand on a storage medium, 





when processing the installation program on the data processing system, the user inputs a copy 
protection identification, a user identification that identifies the user and an encrypted product 
identification that identifies at least one user program, 

each user program contains a predetermined memory area into which the copy protection 
identification can be entered, 

the installation program compares the copy protection identification that has been input to a copy 
protection identification connected with the data processing system and, given coincidence, 
deciphers the encrypted product identification upon utilization of the user identification as a key, and 
identifies the user program selected in the product identification, 

that [sic] the selected user program is loaded from the storage medium into a memory area of the 
data processing system, 

the cryptoprogram enters the copy protection identification into the predetermined memory area of 
the selected user program, and whereby, 

before the running of the selected user program, the copy protection identification contained in the 
predetermined memory area is compared to the copy protection identification connected with the 
data processing system, and the user program is run only given coincidence. 

According to the present invention, a product identification and a user identification are 
communicated to the user. The product identification, preferably composed of alphanumerical 
characters, identifies — in encrypted form — the user program or, respectively, a plurality of user 
programs purchased by the user. Further, the user contains [sic] the user identification is [7] likewise, 
for example, in the form of alphanumerical characters. This user identification serves as the key for 
the encryption and deciphering of the said product identification. With the assistance of this product 




identification and the user identification, only those programs that are referenced in the product 
identification are enabled for the user. Accordingly, one storage medium, for example a CDROM, 
can contain all user programs of the manufacturer of the user programs. The customer or, 
respectively, user, however, can only access those user programs that he actually ordered and 
purchased and that can be enabled for him. The copy protection with the assistance of the copy 
protection identification is retained, i.e. the data processing system on which the user program is run 
is directly connected to a copy protection identification with the assistance of a hardware module. 
This user program can only be run on the specified data processing system when the user program 
also contains this copyprotection identification; otherwise, operations are aborted. In this way, even 
the production of pirated copies and their forwarding to other users are is [sic] worthless, since this 
other user does not possess the matching user identification, the matching product identification and 
the matching copy protection identification. 

In one exemplary embodiment of the invention, the product identification also contains the 
copy protection identification, whereby this copy protection identification is also compared to the 
copy protection identification connected with the data processing system, and the running of the 
further program steps only continues given coincidence. Usually, the copy protection identification 
is assigned only once. Accordingly, a copy protection for the user programs themselves is still 
present even if the product identification is improperly handed over to another user. 

An authentification between the installation program and the key program is preferably 
undertaken when calling the key program, which enters the copy protection identification in 
predetermined memory areas of the user program. In this way, a traditional, modular key program 
that usually runs on standard data processing systems can be employed. Nonetheless, a protection 




of the key program ensues due to the authentification between key program and installation program, 
and an adequate protection against misuse is established. 

BRIEF DESCRIPTION OF THE DRAWINGS 

An exemplary embodiment of the invention is explained below on the basis of the drawings. 
Shown therein arc: 

Figure 1 is a flowchart that shows critical steps of the inventive method; 

Figure 2 is the flowchart when a new user orders one or more user programs; and 

Figure 3 shows the executive sequence when an old user orders user programs. 
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Figure 1 shows the critical steps of the method on the basis of a simple flowchart. The 
customer or user receives a plurality of user programs from the manufacturer of these user programs 
on a storage medium, for example a CDROM, according to the order. The user, for example, has 
only ordered a specific selection of user programs and only paid for these. Nonetheless, many other 
user programs, which could be of use to the user in future and of which he can definitely make 
security copies, are on this storage medium. Further, the user receives a dongle from the 
manufacturer with a copy protection identification KI D . This dongle must be plugged onto the 
parallel interface of the data processing system in order to be able to run the installation program and 
enable a proper operation of the user program, which has yet to be installed. Further, the user 
receives an alphanumerical user identification AI. This user identification serves later as the key for 
deciphering the product identification PI that is likewise given to the user. This product 
identification PI, for example, is likewise composed of alphanumerical characters and contains, on 
the one hand, the copy protection identification KI in encrypted form and, on he other hand, 



references a list of user programs that has fjsie} been licensed to the user by the manufacturer as a 
result of the purchase. 

In Figure 1, step 10, the installation program is loaded on the data processing system of the 
user and is started. The installation program contains a menu prompt and asks for the input of the 
copy protection identification KI given to the user, of the user identification AI and of the product 
identification PI (step 12). A check is carried out in step 14 to see whether the copy protection 
identification KI E that has been input coincides with the copy protection identification KI D contained 
in the dongle. When this is not the case, then a branch to the right is made is step 14 and the 
program execution is aborted. 

An authentification of the installation program and of the key program ensues in a following 
step 16, i.e. a check is carried out to see whether the installation program originally contained on the 
storage medium and the key program are allowed to mutually call one another. The authentification 
ensues, for example, according to the challenge-response principle, which represents a standard 
method for the protection of programs. When the authentification proceeds successfully, a branch 
is made to step 18; otherwise, a program abort follows. The sequence of the steps can also be such 
that step 16 is run first and step 14 thereafter. 

In step 18, the encrypted product identification PI that, for example, has been encrypted 
according to the high-compression Huffmann-Baum method is deciphered. The user identification 
AT given to the user is used as the key in this deciphering. The result of the deciphering step 1 8 is 
that the copy protection identification KI PI and the list of user programs wanted by the user is 
obtained. 




In the following step 20, this list of the user programs is checked for plausibility, i.e. a 
determination can be made as to whether the correct user programs are present. Additionally, a 
checksum check of the list ensues in order to prevent au unauthorized expansion of the license on 
the part of the customer (signature function). 

In step 12, the copy protection identification KI PI contained in the product identification PI 
is compared to the copy protection identification KI D of the dongle of the data processing system. 
One proceeds to the next step 24 given coincidence. Otherwise, the program execution is aborted. 
In step 24, the user can again make a selection from the list of user programs he requested, for 
example select those user programs that are minimally needed for handling a specific job. 

In the following step 26, datafiles that are needed for the user programs and their running are 
established in the data processing system. The key program enters the copy protection identification 
KI into predetermined memory areas for the selected user programs. The installation of the user 
programs has thus been ended in step 28. 

When running the user programs, the copy protection identification KI contained in the 
respective user program is compared to the copy protection identification KI D of the dongle, as is 
traditional traditionally . The user program is run by the data processing system only given 
coincidence. 

As can be seen, advantages derive both at the producer side as well as at the user side. The 
producer can store a plurality of user programs on the available storage medium, for example all user 
programs that are made available to users. Thus, the producer need not write a new storage medium 
dependent on the order of a specific user; rather, a limitation can be made to a single storage medium 
or to a few storage media. The outlay for offering storage media is lowered in this way. A similar 
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advantage derives on the part of the user. The user, upon delivery, receives a plurality of user 
programs from which the user can enable precisely those that the user had ordered and purchased. 
When the user would like to purchase another user program at a later time, then the only thing 
required is the enable of this user program, which already exists, by handing over a new product 
identification PI. The user identification AI can remain the same. The installation itself is simple 
and only requires a short time. The delivery of a new dongle or of a new storage medium is not 
required in many cases. 

The executive sequence shown in Figure 1 can be modified in many respects. For example, 
the user programs can also be kept on hand in a central storage medium that the user can access with 
the Internet. Another modification provides that, after a number of user programs have been offered 
to the user, these are only partly enabled and activated for demonstration purposes of user programs 
that were not ordered. The user can then see the advantage of such further user programs and 
potentially order them, whereby a new storage medium for example a new CDROM, need not be 
sent. 

On the basis of a flowchart, Figure 2 shows the advantages of the said method when a new 

user, who does not yet have access to the storage medium with the user programs, orders user 

programs (block 30) and is licensed therefor by the producer. The producer defines the user data, 

i.e. a user identification AI and a product identification PI are produced; further, a dongle with a 

copy protection identification KI is offered (block 32). The Said data are stored (block 34) in a data 

bank. The user is provided with the user data, i.e. the dongle, the copy protection identification KI, 

the product identification PI and the user identification AI. Further, the user is provided with a 

CDROM on which a plurality of user programs is stored (block 36). The installation of the user 
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programs selected by the user ensues at the user according to the executive sequence steps according 
to Figure 1 (block 38). 

Figure 3 shows the executive sequence when an old user, who already has a CDROM with 
the plurality of user programs, a dongle, a copy protection identification KI and a user identification 
AI, orders user programs (block 40). The producer defines the user data (block 42), i.e. the product 
identification PI (block 44). The user identification AI can remain the same. The corresponding 
data are stored in the data bank (block 46). The user data are given to the user (block 48). The 
installation of the user programs ensues according to the method steps (block 50) indicated in Figure 
1. 

Although other modifications and changes may be suggested by those skilled in the art, it is 
the intention of the inventors to embody within the patent warranted hereon all changes and 



fy modifications as reasonably and properly come within the scope of their contribution to the art. 
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List or Reference Characters 
10 through 28 method steps 
30 through 50 blocks 



K3 copy protection identification 

copy prot e ction identification in the dongl e 

Klg th e copy prot e ction id e ntification input by th e us e r 

KJpf th e copy prot e ction id e ntification contain e d in th e product id e ntification PI 

Af user identification 

HE product identification 



The claims have been amended as follows: 
Amend the claims as follows: 
We claim: Claims 

1 . A method Method for operating a data processing system with copy protection for user 
programs, comprising the steps of: whereby 

directly connecting the data processing system can be directly connected to a copy protection 
identification ffcl^) via a hardware module, comprising the following steps: 

fa) providing a plurality of application fsie} programs as well as an installation program and a 

cryptoprogram arc on hand on a storage medium (CDROM) intended for the user, 

fb) communicating a user identification (AJ) that identifies the user, an encrypted product 

identification f¥f) that references at least one user program and a copy protection 
identification (K^) are communicat e d to the user, whereby the communicated copy 
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protection identification corresponding (Kle) — correopondo to the copy protection 

identification (KIb) connected via the hardware module, 
(e) when processing the installation program on the data processing system, inputting the 

communicated copy protection identification (KI e ), the user identification (AI) and the 

product identification (PI) arc input , 
(el) providing each user program with contains a predetermined memory area into which the copy 

protection identification (KI) can be entered, 
fe2) comparing by the installation program compares the copy protection identification (Klg) that 

has been input to the copy protection identification (KI^) connected with the hardware 

module and, 

given coincidence, deciphering deciphers the encrypted product identification (PI) upon utilization 

of the user identification (AI) as key, and 
identifying identifies the user program referenced in the product identification (PI), 
(e3) loading the selected user program is loaded from the storage medium (CDROM) into a memory 

area of the data processing system, 
(e4) entering by the cryptoprogram enters the copy protection identification (K3) into the 

predetermined memory area of the selected user program, and whereby 
(d) before fee running ef the selected application [sic] program, comparing the copy protection 

identification (KI) contained in the predetermined memory area i3 compared to the copy 

protection identification (KI B ) directly connected with the data processing system via the 

hardware module, and 
running the user program is run only given coincidence. 




2. A method Method according to claim 1, wherein characterized in that, 

when running the installation program, further running of the installation program is only continued 
after the comparison of the copy protection identification {Klg) that has been input to the copy 
protection identification (K^) connected with the data processing system given coincidence. 

3. A method Method according to claim 1 m^, wherein characterized in that the product 
identification (14) also contains the copy protection identification (KIh), and further comprising the 
step of: 

comparing said in that this copy protection identification (Kt^) io compared to the copy protection 

identification (Ki&) connected with the data processing system, and fee 
continuing running of the further program steps is continued only given coincidence. 

4. A method Method according to claim L further comprising the steps of: 
referencing one of the preceding claims, characterized in that the product identification (PI) 

references a plurality of application fste} programs in said product identification : in that 
determining a list of said these application [sic] programs is determined upon decipherment of the 

product identification (HE); and in that this 
checking said list is checked for correctness. 

5 . A method Method according to claim 4 -t, wherein said step of checking said characterized 
in that the check of the list for correctness ensues on a the basis of a checksum check. 
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6. A method Method according to claim 1, further comprising the step of: one of the 
preceding claims, characterized in that the 

accepting a user makes a selection from the application [sic] programs of the list; and in that 
loading only the selected application [sic] programs arc loaded from the storage medium into the 
memory area of the data processing system. 

7. A method Method according to claim L further comprising the step of: one of the 
preceding claims, characterized in that 

undertaking an authentication between the installation program and the key program is undertaken 
when the key program is called. 

8. A method Method according to claim 7, wherein said characterized in that the 
authentification is implemented according to a the known challenge-response protocol. 



Q 9. A method Method according to claim K wherein [one of the preceding claims, 

characterized in that the] product identification is compressed according to a [the] static Huffman- 
Baum method. 



10. A method Method according to claim L wherein one of the preceding claims, 
characterized in that the copy protection identification (KI^) connected with the data processing 
system is situated on a hardware module that is permanently connected to the data processing 
system. 




1 1 . Method according to claim 10 1 1 [sic], characterized in that the hardware module is a 
dongle that is pluggably connected to at least one of a parallel interface and or to a serial interface 
and or to a USB bus of the data processing system; and said in that this dongle including contains 
the copy protection identification (JS^)r 



The new abstract has been added as follows: 

Abstract of the Disclosure 
A method for operating a computer with copy protection for user programs provides that the 
user receives a copy protection identification, a user identification and an encrypted product 
03 identification. The product identification is decoded using the user identification as a key, so that 
the desired user program is determined. The key program inputs an encrypted sequence formed on 
the basis of the copy protection identification into a storage area of the selected user program. The 
p user program is executed only if the copy protection identification of the computer matches the copy 
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CS protection identification of the user program. 
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